diff --git a/crates/oidc-client/src/error.rs b/crates/oidc-client/src/error.rs
index 2aeb158a..0c8972f9 100644
--- a/crates/oidc-client/src/error.rs
+++ b/crates/oidc-client/src/error.rs
@@ -24,7 +24,6 @@ use mas_jose::{
 jwa::InvalidAlgorithm,
 jwt::{JwtDecodeError, JwtSignatureError, NoKeyWorked},
 };
-use mas_keystore::WrongAlgorithmError;
 use oauth2_types::{
 errors::ClientErrorCode, oidc::ProviderMetadataVerificationError, pkce::CodeChallengeError,
 };
@@ -693,8 +692,8 @@ pub enum CredentialsError {
 JwtClaims(#[from] ClaimError),
 /// The key found cannot be used with the algorithm.
- #[error(transparent)]
- JwtWrongAlgorithm(#[from] WrongAlgorithmError),
+ #[error("Wrong algorithm for key")]
+ JwtWrongAlgorithm,
 /// An error occurred when signing the JWT.
 #[error(transparent)]
diff --git a/crates/oidc-client/src/types/client_credentials.rs b/crates/oidc-client/src/types/client_credentials.rs
index d760447d..c7c6d04f 100644
--- a/crates/oidc-client/src/types/client_credentials.rs
+++ b/crates/oidc-client/src/types/client_credentials.rs
@@ -340,7 +340,10 @@ impl RequestClientCredentials {
 let key = keystore
 .signing_key_for_algorithm(&signing_algorithm)
 .ok_or(CredentialsError::NoPrivateKeyFound)?;
- let signer = key.params().signing_key_for_alg(&signing_algorithm)?;
+ let signer = key
+ .params()
+ .signing_key_for_alg(&signing_algorithm)
+ .map_err(|_| CredentialsError::JwtWrongAlgorithm)?;
 let mut header = JsonWebSignatureHeader::new(signing_algorithm);
 if let Some(kid) = key.kid() {
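Review bot: Turning `JwtWrongAlgorithm` into a unit variant in `CredentialsError` drops both the `From<WrongAlgorithmError>` conversion and the error's `source()`, so a failed client-assertion signing now reports only the fixed string "Wrong algorithm for key" without naming the algorithm that was requested. If `CredentialsError` is part of the crate's public API, existing `JwtWrongAlgorithm(_)` patterns in callers stop compiling, which deserves a changelog entry. To keep the failure diagnosable without bringing `mas_keystore` back, the variant could carry the requested algorithm, for example `#[error("Wrong algorithm for key: {0}")]` over `JwtWrongAlgorithm(JsonWebSignatureAlg)`, assuming that type is in scope in this module and implements `Display`; the `map_err` in `client_credentials.rs` would then pass the algorithm along. The enum body starts and ends outside the hunk.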
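Review bot: The `|_|` closure in `.map_err(|_| CredentialsError::JwtWrongAlgorithm)` inside `RequestClientCredentials` discards whatever `signing_key_for_alg` returned, so every failure of that call is reported as an algorithm mismatch; its error type is not visible in this hunk, so confirm it has no other failure mode. Because `key` was just selected with `signing_key_for_algorithm(&signing_algorithm)`, reaching this branch presumably means the keystore's lookup and the key material disagree, and that is worth stating in a comment such as `// key was chosen for this algorithm above; an error here means the keystore is inconsistent`. The enclosing function starts and ends outside the hunk.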